GitLab security vulnerabilities: Attackers can manipulate software development

GitLab Community Edition and Enterprise Edition are vulnerable. The developers recommend a quick update.


(Image: Artur Szczybylo/Shutterstock.com)


The developers have closed a total of six security vulnerabilities in current GitLab versions. After successful attacks, attackers can manipulate the development of software, among other things.

GitLab describes the closed vulnerabilities in a security advisory. Both GitLab Community Edition and Enterprise Edition are affected. The most dangerous is a "critical" vulnerability (CVE-2024-6385) that lets an attacker trigger a pipeline as another user under circumstances the advisory does not specify. Developers use pipelines to automate steps such as builds and tests, and a pipeline triggered as another user runs with that user's access rights.


The remaining vulnerabilities are rated "medium" and "low"; among them is one that permits subdomain takeover. GitLab states that all six are fixed in versions 16.11.6, 17.0.4 and 17.1.2. The advisory does not mention attacks in the wild, but the developers still advise updating promptly.
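Whether an instance is already on a fixed release depends on its minor line, not just on the number being "higher": 17.0.4 is fixed while 17.1.1 is not. The following branch-aware check is an added example written for this article, not GitLab's own tooling. It assumes, as the advisory's fixed-version list implies, that the patches were backported only to the three minor lines named (16.11, 17.0, 17.1), that any later minor line already contains them, and that older lines received no fix. The sample API response is constructed; on a real instance the same JSON comes from an authenticated `GET /api/v4/version`.

```python
"""Branch-aware check of a GitLab version string against the fixed releases
named in the advisory (16.11.6, 17.0.4, 17.1.2).

Added example, not GitLab's own code. Assumptions: fixes exist only for the
three minor lines listed below, later lines contain them, older lines do not.
"""
import json
import re
from typing import NamedTuple, Optional


class Version(NamedTuple):
    major: int
    minor: int
    patch: int


# Minor line -> first patch release of that line containing the fixes (from the advisory).
FIXED_RELEASES = {
    (16, 11): 6,
    (17, 0): 4,
    (17, 1): 2,
}

# Accepts '17.1.1', '17.1.1-ee', '16.11.5-ce.0'; the edition suffix is ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Turn a GitLab version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return Version(*(int(g) for g in m.groups()))


def is_patched(text: str) -> bool:
    """True if the given version contains the fixes for this advisory."""
    v = parse_version(text)
    line = (v.major, v.minor)
    if line in FIXED_RELEASES:
        return v.patch >= FIXED_RELEASES[line]
    # A newer minor line than any listed was released after the fixes (assumption: contains them).
    if line > max(FIXED_RELEASES):
        return True
    # Older lines fall outside the backport window: no fixed release exists, treat as vulnerable.
    return False


def assess_instance(version_json: str) -> dict:
    """Evaluate the JSON body returned by GET /api/v4/version (needs an authenticated token)."""
    data = json.loads(version_json)
    version = data["version"]
    v = parse_version(version)
    patched = is_patched(version)
    target: Optional[int] = FIXED_RELEASES.get((v.major, v.minor))
    if patched:
        upgrade_to = None
    elif target is not None:
        upgrade_to = f"{v.major}.{v.minor}.{target}"
    else:
        # No fixed release on this line: move to the newest fixed line named in the advisory.
        upgrade_to = "17.1.2"
    return {"version": version, "patched": patched, "upgrade_to": upgrade_to}


# Constructed sample response, not captured from a real instance.
SAMPLE_VERSION_RESPONSE = '{"version": "17.1.1-ee", "revision": "0000000"}'

if __name__ == "__main__":
    print(assess_instance(SAMPLE_VERSION_RESPONSE))
```

The conservative choice is deliberate: a version on a minor line for which the advisory lists no fixed release is reported as unpatched and pointed at the newest fixed line, rather than silently passing because its number happens to be high.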

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.